The "Bait and Switch" routine is an old sales tactic. A store will advertise something for an outrageously low price or some other kind of unbelievable deal. That gets you in the door, and then you hear things like, “We’re out of stock right now, but since you’re here, wouldn’t you like to look at this instead?” It’s an unethical thing to do, but I’m sure that more than one store out there still uses this practice.
Under the right conditions, hackers can do the same thing when you’re surfing the Web. Browser and application vulnerabilities allow a hacker to make you think you’re on one Web site, when you’re actually on another. From there, anything can happen.
Don’t let hackers frame you
Security firm Secunia discovered last July that a 6-year-old vulnerability that was thought to be patched is still present in browsers from multiple vendors.
This vulnerability allows a hacker to hijack a frame in a legitimate Web page. The perpetrator can then insert his own page in an effort to make you think that page is legit, too.
The booby-trapped page can then use other hacker methods to trick you. Because the page looks normal, you might reveal bank or credit card information, unknowingly install a Trojan horse on your computer, or fall prey to other tricks. This vulnerability exists because browsers didn’t validate frames to ensure they belonged to the Web site of the parent window.
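A simplified model of the missing check, added here as an illustration and not taken from any browser's source code. The window objects, `navigateFrame`, `demo` and the `.example` URLs are constructed for the example, and the rule it applies (the requesting page must share an origin with the frame's parent window) is an assumed reading of the validation described above.

```javascript
// Toy model of frame navigation; constructed for illustration only.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// A window has a URL, an optional parent window and an optional frame name.
function makeWindow(url, parent = null, name = null) {
  return { url, parent, name };
}

// Load `url` into `target` on behalf of `initiator`.
// validate=false models the flawed behaviour: the frame is not checked at all.
// validate=true applies the assumed rule: the initiator must share an origin
// with the window that contains the target frame.
function navigateFrame(initiator, target, url, validate) {
  if (validate) {
    const owner = target.parent || target;
    if (originOf(initiator.url) !== originOf(owner.url)) {
      return false; // refused: the frame belongs to another site's page
    }
  }
  target.url = url;
  return true;
}

// Constructed scenario: a bank page with a "content" frame, plus an
// unrelated page open in another window.
function demo(validate) {
  const bank = makeWindow("https://bank.example/home");
  const frame = makeWindow("https://bank.example/login", bank, "content");
  const other = makeWindow("https://other.example/page");
  const crossSite = navigateFrame(other, frame, "https://other.example/fake-login", validate);
  const afterCross = frame.url; // what the bank's frame shows after the cross-site request
  const sameSite = navigateFrame(bank, frame, "https://bank.example/accounts", validate);
  return { crossSite, afterCross, sameSite, finalUrl: frame.url };
}

console.log("without validation:", demo(false));
console.log("with validation:   ", demo(true));
```

With validation off, the bank's frame ends up showing the other site's page while the parent window still shows the bank; with validation on, that request is refused and the bank's own navigation still works.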
Since this vulnerability was rediscovered, most browser vendors have supplied patches or upgrades to fix the problem again. But not all have done so.
Browsers that are still vulnerable include:
• Internet Explorer 5.01 through 6.x
• Safari 1.2.2
• Konqueror 3.1-15redhat
Here’s a list of browsers that are no longer vulnerable: